github-actions: use ec github secret (#13441)
* github-actions: use ec github secret

* vault free

* typo
v1v authored Jun 19, 2024
1 parent cc43962 commit 9cc9984
Showing 5 changed files with 31 additions and 65 deletions.
18 changes: 4 additions & 14 deletions .github/workflows/benchmarks.yml
@@ -49,6 +49,10 @@ jobs:
GOBENCH_PASSWORD: ${{ secrets.GOBENCH_PASSWORD }}
GOBENCH_USERNAME: ${{ secrets.GOBENCH_USERNAME }}
GOBENCH_HOST: ${{ secrets.GOBENCH_HOST }}
# TODO: use keyless
EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.OBSERVABILITY_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OBSERVABILITY_AWS_SECRET_ACCESS_KEY }}
steps:
- uses: actions/checkout@v4

@@ -73,20 +77,6 @@ jobs:
echo "BENCHMARK_RUN=${{ inputs.benchmarkRun }}" >> "$GITHUB_ENV"
fi
- uses: hashicorp/[email protected]
env:
AWS_CREDENTIALS_PATH: secret/observability-team/ci/elastic-observability-aws-account-auth
EC_CREDENTIALS_PATH: secret/observability-team/ci/elastic-cloud/observability-team-pro
with:
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
method: approle
secrets: |
${{ env.AWS_CREDENTIALS_PATH }} access_key | AWS_ACCESS_KEY_ID ;
${{ env.AWS_CREDENTIALS_PATH }} secret_key | AWS_SECRET_ACCESS_KEY ;
${{ env.EC_CREDENTIALS_PATH }} apiKey | EC_API_KEY ;
- name: Log in to the Elastic Container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
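Review bot: The three credentials added under the job-level `env:` (`EC_API_KEY`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) end up in the environment of every step in the job, including `actions/checkout@v4`, which is referenced by a mutable tag rather than a commit SHA the way the `docker/login-action` step is. Moving them to a step-level `env:` on only the steps that call AWS or Elastic Cloud would narrow that exposure; the rest of the job's steps lie outside these hunks, so which steps those are cannot be told from here. The same job-level `EC_API_KEY` pattern is added in smoke-tests-ess.yml and smoke-tests-os.yml. The `# TODO: use keyless` comment could also record the intended mechanism, e.g. `# TODO: replace static AWS keys with OIDC role assumption (needs id-token: write)`.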
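--- a/.github/workflows/generate-smoke-tests-list/action.yml
+++ b/.github/workflows/generate-smoke-tests-list/action.yml
@@ -4,15 +4,12 @@ name: generate-smoke-tests-list
 description: Generate smoke tests list
 
 inputs:
-vault-url:
-description: 'Vault URL'
-required: false
-vault-role-id:
-description: 'Vault role ID'
-required: false
-vault-secret-id:
-description: 'Vault secret ID'
-required: false
+aws-csv-file:
+description: 'Content with the AWS csv file'
+required: true
+aws-profile:
+description: 'aws profile'
+required: true
 outputs:
 tests:
 description: "List of smoke tests"
@@ -27,9 +24,8 @@ runs:
 - name: Setup cluster env
 uses: ./.github/workflows/setup-cluster-env
 with:
-vault-url: ${{ inputs.vault-url }}
-vault-role-id: ${{ inputs.vault-role-id }}
-vault-secret-id: ${{ inputs.vault-secret-id }}
+aws-csv-file: ${{ inputs.aws-csv-file }}
+aws-profile: ${{ inputs.aws-profile }}
 - id: generate
 name: Generate matrix and date
 run: |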
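Review bot: Nothing in this action supplies `EC_API_KEY` any more: it used to be fetched by the Vault step inside `setup-cluster-env` (and presumably exported to later steps), while the `with:` block here forwards only `aws-csv-file` and `aws-profile`. If the `generate` step, whose `run:` body continues outside the hunk, or anything it invokes talks to Elastic Cloud, the calling job now has to set the variable itself, and the `prepare` steps visible in the smoke-test workflows pass only the two AWS inputs. The input descriptions could also say that both values are expected to come from repository secrets, e.g. `description: 'Contents of the AWS account CSV (pass from a secret)'`.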
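--- a/.github/workflows/setup-cluster-env/action.yml
+++ b/.github/workflows/setup-cluster-env/action.yml
@@ -4,23 +4,12 @@ name: setup-cluster-env
 description: Setup cluster env
 
 inputs:
-vault-url:
-description: 'Vault URL'
+aws-csv-file:
+description: 'Content with the AWS csv file'
 required: true
-vault-role-id:
-description: 'Vault role ID'
+aws-profile:
+description: 'aws profile'
 required: true
-vault-secret-id:
-description: 'Vault secret ID'
-required: true
-ec-key-secret:
-default: 'secret/observability-team/ci/elastic-cloud/observability-team-pro'
-description: 'EC Key secret'
-required: false
-aws-account-secret:
-default: 'secret/observability-team/ci/elastic-observability-aws-account-auth'
-description: 'AWS account secret'
-required: false
 
 runs:
 using: "composite"
@@ -31,16 +20,6 @@ runs:
 cache-dependency-path: |
 go.sum
 tools/go.sum
-- uses: hashicorp/[email protected]
-with:
-url: ${{ inputs.vault-url }}
-roleId: ${{ inputs.vault-role-id }}
-secretId: ${{ inputs.vault-secret-id }}
-method: approle
-secrets: |
-${{ inputs.ec-key-secret }} apiKey | EC_API_KEY ;
-${{ inputs.aws-account-secret }} user | AWS_PROFILE ;
-${{ inputs.aws-account-secret }} csv | AWS_ACCOUNT_IMPORT
 - name: Configure AWS account
 run: |
 echo "${AWS_ACCOUNT_IMPORT}" > ${{ runner.temp }}/account.csv;
@@ -49,3 +28,6 @@ runs:
 echo 'AWS_ACCOUNT_IMPORT=' >> ${GITHUB_ENV};
 rm -f ${{ runner.temp }}/account.csv;
 shell: 'bash'
+env:
+AWS_ACCOUNT_IMPORT: ${{ inputs.aws-csv-file }}
+AWS_PROFILE: ${{ inputs.aws-profile }}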
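Review bot: `required: true` on `aws-csv-file` and `aws-profile` is not enforced by the runner for composite actions, so a run where the secrets are unavailable (a fork pull request, for instance) still reaches `echo "${AWS_ACCOUNT_IMPORT}" > …/account.csv` with an empty value and fails later in a less obvious place. A guard at the top of the `run:` block would make that explicit: `[ -n "${AWS_ACCOUNT_IMPORT}" ] || { echo '::error::aws-csv-file is empty'; exit 1; }`. With the value now supplied through the step-level `env:`, the line `echo 'AWS_ACCOUNT_IMPORT=' >> ${GITHUB_ENV};` no longer appears to clear anything and could be dropped. `AWS_PROFILE` is likewise scoped to this step only, so later steps see it only if the two lines of the `run:` body hidden between the hunks export it.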
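--- a/.github/workflows/smoke-tests-ess.yml
+++ b/.github/workflows/smoke-tests-ess.yml
@@ -28,9 +28,8 @@ jobs:
 name: Generate matrix and date
 uses: ./.github/workflows/generate-smoke-tests-list
 with:
-vault-url: ${{ secrets.VAULT_ADDR }}
-vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
 
 smoke-tests-ess:
 name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }}
@@ -42,6 +41,8 @@ jobs:
 TF_VAR_BRANCH: ${{ github.ref_name }}
 TF_VAR_REPO: ${{ github.repository }}
 TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }}
+# TODO: use keyless
+EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
 strategy:
 fail-fast: false
 matrix:
@@ -56,11 +57,8 @@ jobs:
 - name: Setup cluster env
 uses: ./.github/workflows/setup-cluster-env
 with:
-vault-url: ${{ secrets.VAULT_ADDR }}
-vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
-ec-key-secret: 'secret/observability-team/ci/elastic-cloud/observability-team-pro'
-aws-account-secret: 'secret/observability-team/ci/elastic-observability-aws-account-auth'
+aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
 - name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }}
 run: make smoketest/run-version TEST_DIR=${{ matrix.test }} SMOKETEST_VERSION=${{ matrix.version }}
 - if: always()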
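--- a/.github/workflows/smoke-tests-os.yml
+++ b/.github/workflows/smoke-tests-os.yml
@@ -27,9 +27,8 @@ jobs:
 name: Generate matrix and date
 uses: ./.github/workflows/generate-smoke-tests-list
 with:
-vault-url: ${{ secrets.VAULT_ADDR }}
-vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
 
 smoke-tests-os:
 name: Run smoke tests OS
@@ -41,6 +40,8 @@ jobs:
 TF_VAR_BRANCH: ${{ github.ref_name }}
 TF_VAR_REPO: ${{ github.repository }}
 TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }}
+# TODO: use keyless
+EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
 steps:
 - uses: actions/checkout@v4
 with:
@@ -50,9 +51,8 @@ jobs:
 - name: Setup cluster env
 uses: ./.github/workflows/setup-cluster-env
 with:
-vault-url: ${{ secrets.VAULT_ADDR }}
-vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
 - name: Run smoke tests OS
 working-directory: ${{ github.workspace }}/testing/smoke/supported-os
 run: ./test.sh ${VERSION}-SNAPSHOT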
